kernel: mark source kernel for netfilter backports

This helps keeping track on patches & adding new kernels in the future.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

1 files changed, 32 insertions, 0 deletions

diff --git a/target/linux/generic/backport-4.14/354-v4.18-netfilter-nf_flow_table-move-ip-header-check-out-of-.patch b/target/linux/generic/backport-4.14/354-v4.18-netfilter-nf_flow_table-move-ip-header-check-out-of-.patch
new file mode 100644
index 0000000000..4ee5532438
--- /dev/null
+++ b/target/linux/generic/backport-4.14/354-v4.18-netfilter-nf_flow_table-move-ip-header-check-out-of-.patch
@@ -0,0 +1,32 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Sat, 17 Feb 2018 11:51:20 +0100
+Subject: [PATCH] netfilter: nf_flow_table: move ip header check out of
+ nf_flow_exceeds_mtu
+
+Allows the function to be shared with the IPv6 hook code
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/netfilter/nf_flow_table_ip.c
++++ b/net/netfilter/nf_flow_table_ip.c
+@@ -181,9 +181,6 @@ static bool nf_flow_exceeds_mtu(const st
+ 	if (skb->len <= mtu)
+ 		return false;
+ 
+-	if ((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0)
+-		return false;
+-
+ 	if (skb_is_gso(skb) && skb_gso_validate_mtu(skb, mtu))
+ 		return false;
+ 
+@@ -222,7 +219,8 @@ nf_flow_offload_ip_hook(void *priv, stru
+ 	flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
+ 	rt = (const struct rtable *)flow->tuplehash[dir].tuple.dst_cache;
+ 
+-	if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)))
++	if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)) &&
++	    (ip_hdr(skb)->frag_off & htons(IP_DF)) != 0)
+ 		return NF_ACCEPT;
+ 
+ 	if (skb_try_make_writable(skb, sizeof(*iph)))